Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:59489 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 54906 invoked from network); 9 Apr 2012 08:35:51 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 9 Apr 2012 08:35:51 -0000 Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.161.170 as permitted sender) X-PHP-List-Original-Sender: yohgaki@gmail.com X-Host-Fingerprint: 209.85.161.170 mail-gx0-f170.google.com Received: from [209.85.161.170] ([209.85.161.170:41528] helo=mail-gx0-f170.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 32/EF-56433-66F928F4 for ; Mon, 09 Apr 2012 04:35:50 -0400 Received: by ggmb2 with SMTP id b2so1979363ggm.29 for ; Mon, 09 Apr 2012 01:35:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type; bh=Ecz8b8upgA8nOt5Gnvhaak8Ad7Pu6tWEDTQo9tjSkXM=; b=HUgttBj6AgrH47DzMtZIXdH6CozYwIVpH0/tHEZqjrs3l5gIAFUTiwKKX17NywBcWr eVebuYXkfFYYCnikpUTQwrCC4Dqj6U+g1GP58LddA/D9h3AXz/xC6t5bZqM2SekV0D7R iu1DQR9jvLnLYazqmAC8CBHnRE4+qiddPNK8NDVpc16MbWQoe7Se4l9l/Se9E3q08Tcp rmt+Oxsdj5epryw1EDiep9nuw4FlDVxl6uWYOW2rC8Fi4RB8B2QnsR6uCrKbx8pygdZK OAyWfx6iVDpSTqnFiPqQ4RQk7rb8l054JMSenC5a37oXxLkdvh/NrTE4JJ0hu8Xdeey6 ehXQ== Received: by 10.236.190.42 with SMTP id d30mr5081103yhn.77.1333960547810; Mon, 09 Apr 2012 01:35:47 -0700 (PDT) MIME-Version: 1.0 Sender: yohgaki@gmail.com Received: by 10.146.86.14 with HTTP; Mon, 9 Apr 2012 01:35:07 -0700 (PDT) In-Reply-To: References: <4F80C739.2060404@gmail.com> Date: Mon, 9 Apr 2012 17:35:07 +0900 X-Google-Sender-Auth: riGgJOReDpSSid2qF8ogKBo06k8 Message-ID: To: Arvids Godjuks Cc: PHP Internals , Tom Boutell Content-Type: text/plain; charset=ISO-8859-1 Subject: Re: [PHP-DEV] PHP class files without : > And you get same issues that existed with magic quotes, register variables, > safe mode and other optional stuff that was required to run application when > set specificaly and it would break if something set differently. PHP just > got rid of it and you want to introduce a new optional feature that will > change how PHP behaves. Magic Quotes is broken by design. Register Globals may work but erroneous. Safe Mode was great for fail safe, but it was misunderstood. Therefore, they are removed. All of these are security related changes why not for mandatory embed mode? There were full of embedded PHP pages 10 years ago. Only template pages require embedded PHP script now. There is no compatibility issue for current code. New code that adopts non-embed scripting will enjoy better security than now. Embed w/o option would be the last existing PHP feature that other language programmers may call "PHP is insecure than my language" IMO Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net